INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
[ ok ] Starting enhanced syslogd: rsyslogd.
[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added 'ci-upstream-kasan-gce-386-0,10.128.0.4' (ECDSA) to the list of known hosts.
executing program
syzkaller login: [ 48.530618] ==================================================================
[ 48.531669] BUG: KASAN: slab-out-of-bounds in sctp_send_reset_streams+0xadf/0xc10
[ 48.532668] Read of size 2 at addr ffff8801d8a6c048 by task syzkaller104411/3085
[ 48.533651]
[ 48.533884] CPU: 0 PID: 3085 Comm: syzkaller104411 Not tainted 4.15.0-rc2+ #119
[ 48.534872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.536091] Call Trace:
[ 48.536448]  dump_stack+0x194/0x257
[ 48.536939]  ? arch_local_irq_restore+0x53/0x53
[ 48.537562]  ? show_regs_print_info+0x18/0x18
[ 48.538168]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 48.538961]  ? sctp_send_reset_streams+0xadf/0xc10
[ 48.539619]  print_address_description+0x73/0x250
[ 48.540262]  ? sctp_send_reset_streams+0xadf/0xc10
[ 48.540962]  kasan_report+0x25b/0x340
[ 48.541476]  __asan_report_load2_noabort+0x14/0x20
[ 48.542131]  sctp_send_reset_streams+0xadf/0xc10
[ 48.542764]  ? _copy_from_user+0x99/0x110
[ 48.543326]  sctp_setsockopt+0x70d/0x5d50
[ 48.543938]  ? pgtable_trans_huge_deposit+0x342/0x6d0
[ 48.544652]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[ 48.545451]  ? pudp_huge_clear_flush+0x1f0/0x1f0
[ 48.546124]  ? lock_release+0xda0/0xda0
[ 48.546656]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 48.547438]  ? __lock_acquire+0x6e9/0x47f0
[ 48.548015]  ? _cond_resched+0x14/0x30
[ 48.548535]  ? clear_huge_page+0x309/0x730
[ 48.549106]  ? _raw_spin_unlock+0x22/0x30
[ 48.549662]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[ 48.550383]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 48.553375]  ? __lock_acquire+0x6e9/0x47f0
[ 48.557584]  ? __lock_acquire+0x6e9/0x47f0
[ 48.561791]  ? sctp_id2assoc+0x390/0x390
[ 48.565828]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 48.570990]  ? check_noncircular+0x20/0x20
[ 48.575192]  ? find_held_lock+0x39/0x1d0
[ 48.579231]  ? lock_downgrade+0x980/0x980
[ 48.583351]  ? find_held_lock+0x39/0x1d0
[ 48.587402]  ? lock_downgrade+0x980/0x980
[ 48.591521]  ? __fget+0xbb/0x580
[ 48.594863]  ? lock_release+0xda0/0xda0
[ 48.598808]  ? __lock_is_held+0xbc/0x140
[ 48.602846]  ? __fget+0x362/0x580
[ 48.606277]  ? sock_has_perm+0x29c/0x400
[ 48.610307]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 48.615642]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[ 48.621319]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 48.626581]  compat_sock_common_setsockopt+0x104/0x140
[ 48.631829]  compat_SyS_setsockopt+0x17c/0x410
[ 48.636375]  ? sock_common_setsockopt+0xd0/0xd0
[ 48.641020]  ? scm_detach_fds_compat+0x3c0/0x3c0
[ 48.645749]  ? do_fast_syscall_32+0x156/0xf9d
[ 48.650214]  ? scm_detach_fds_compat+0x3c0/0x3c0
[ 48.654936]  do_fast_syscall_32+0x3ee/0xf9d
[ 48.659232]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 48.663787]  ? kasan_check_read+0x11/0x20
[ 48.667904]  ? syscall_return_slowpath+0x550/0x550
[ 48.672805]  ? SyS_rt_sigaction+0x94/0x1b0
[ 48.677013]  ? sysret32_from_system_call+0x5/0x3b
[ 48.681827]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 48.686642]  entry_SYSENTER_compat+0x51/0x60
[ 48.691024] RIP: 0023:0xf7f1bc79
[ 48.694359] RSP: 002b:00000000ff9893bc EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[ 48.702035] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000084
[ 48.709271] RDX: 0000000000000077 RSI: 000000002018b000 RDI: 0000000000000008
[ 48.716510] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[ 48.723746] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 48.730981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 48.738233]
[ 48.739830] Allocated by task 3085:
[ 48.743426]  save_stack+0x43/0xd0
[ 48.746842]  kasan_kmalloc+0xad/0xe0
[ 48.750523]  __kmalloc_track_caller+0x15e/0x760
[ 48.755158]  memdup_user+0x2c/0x90
[ 48.758665]  sctp_setsockopt+0x6a6/0x5d50
[ 48.762780]  compat_sock_common_setsockopt+0x104/0x140
[ 48.768020]  compat_SyS_setsockopt+0x17c/0x410
[ 48.772568]  do_fast_syscall_32+0x3ee/0xf9d
[ 48.776854]  entry_SYSENTER_compat+0x51/0x60
[ 48.781225]
[ 48.782817] Freed by task 16:
[ 48.785889]  save_stack+0x43/0xd0
[ 48.789307]  kasan_slab_free+0x71/0xc0
[ 48.793158]  kfree+0xca/0x250
[ 48.796227]  selinux_cred_free+0x48/0x70
[ 48.800254]  security_cred_free+0x48/0x80
[ 48.804365]  put_cred_rcu+0x106/0x400
[ 48.808130]  rcu_process_callbacks+0xd74/0x17d0
[ 48.812764]  __do_softirq+0x29d/0xbb2
[ 48.816528]
[ 48.818120] The buggy address belongs to the object at ffff8801d8a6c040
[ 48.818120]  which belongs to the cache kmalloc-32 of size 32
[ 48.830567] The buggy address is located 8 bytes inside of
[ 48.830567]  32-byte region [ffff8801d8a6c040, ffff8801d8a6c060)
[ 48.842143] The buggy address belongs to the page:
[ 48.847038] page:000000006b05592a count:1 mapcount:0 mapping:000000001ca7267d index:0xffff8801d8a6cfc1
[ 48.856450] flags: 0x2fffc0000000100(slab)
[ 48.860663] raw: 02fffc0000000100 ffff8801d8a6c000 ffff8801d8a6cfc1 000000010000003f
[ 48.868510] raw: ffffea000762f920 ffffea00076133e0 ffff8801db0001c0 0000000000000000
[ 48.876359] page dumped because: kasan: bad access detected
[ 48.882034]
[ 48.883626] Memory state around the buggy address:
[ 48.888519]  ffff8801d8a6bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.895850]  ffff8801d8a6bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 48.903176] >ffff8801d8a6c000: fb fb fb fb fc fc fc fc 00 fc fc fc fc fc fc fc
[ 48.910502]                                               ^
[ 48.916178]  ffff8801d8a6c080: fb fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 48.923503]  ffff8801d8a6c100: fb fb fb fb fc fc fc fc fb fb fb fb fc fc fc fc
[ 48.930825] ==================================================================
[ 48.938146] Disabling lock debugging due to kernel taint
[ 48.943634] Kernel panic - not syncing: panic_on_warn set ...
[ 48.943634]
[ 48.950965] CPU: 0 PID: 3085 Comm: syzkaller104411 Tainted: G B 4.15.0-rc2+ #119
[ 48.959678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 48.968998] Call Trace:
[ 48.971556]  dump_stack+0x194/0x257
[ 48.975150]  ? arch_local_irq_restore+0x53/0x53
[ 48.979962]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 48.984684]  ? vsnprintf+0x1ed/0x1900
[ 48.988452]  ? sctp_send_reset_streams+0xac0/0xc10
[ 48.993345]  panic+0x1e4/0x41c
[ 48.996503]  ? refcount_error_report+0x214/0x214
[ 49.001224]  ? add_taint+0x1c/0x50
[ 49.004727]  ? add_taint+0x1c/0x50
[ 49.008231]  ? sctp_send_reset_streams+0xadf/0xc10
[ 49.013135]  kasan_end_report+0x50/0x50
[ 49.017072]  kasan_report+0x144/0x340
[ 49.020837]  __asan_report_load2_noabort+0x14/0x20
[ 49.025729]  sctp_send_reset_streams+0xadf/0xc10
[ 49.030451]  ? _copy_from_user+0x99/0x110
[ 49.034567]  sctp_setsockopt+0x70d/0x5d50
[ 49.038682]  ? pgtable_trans_huge_deposit+0x342/0x6d0
[ 49.043842]  ? sctp_setsockopt_paddr_thresholds+0x540/0x540
[ 49.049519]  ? pudp_huge_clear_flush+0x1f0/0x1f0
[ 49.054242]  ? lock_release+0xda0/0xda0
[ 49.058181]  ? trace_event_raw_event_sched_switch+0x800/0x800
[ 49.064035]  ? __lock_acquire+0x6e9/0x47f0
[ 49.068234]  ? _cond_resched+0x14/0x30
[ 49.072090]  ? clear_huge_page+0x309/0x730
[ 49.076298]  ? _raw_spin_unlock+0x22/0x30
[ 49.080411]  ? do_huge_pmd_anonymous_page+0xb21/0x1b00
[ 49.085655]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 49.090812]  ? __lock_acquire+0x6e9/0x47f0
[ 49.095013]  ? __lock_acquire+0x6e9/0x47f0
[ 49.099215]  ? sctp_id2assoc+0x390/0x390
[ 49.103244]  ? debug_check_no_locks_freed+0x3d0/0x3d0
[ 49.108407]  ? check_noncircular+0x20/0x20
[ 49.112606]  ? find_held_lock+0x39/0x1d0
[ 49.116637]  ? lock_downgrade+0x980/0x980
[ 49.120750]  ? find_held_lock+0x39/0x1d0
[ 49.124790]  ? lock_downgrade+0x980/0x980
[ 49.128908]  ? __fget+0xbb/0x580
[ 49.132258]  ? lock_release+0xda0/0xda0
[ 49.136204]  ? __lock_is_held+0xbc/0x140
[ 49.140236]  ? __fget+0x362/0x580
[ 49.143658]  ? sock_has_perm+0x29c/0x400
[ 49.147690]  ? selinux_secmark_relabel_packet+0xc0/0xc0
[ 49.153020]  ? selinux_netlbl_socket_setsockopt+0x10c/0x460
[ 49.158700]  ? selinux_netlbl_sock_rcv_skb+0x730/0x730
[ 49.163954]  compat_sock_common_setsockopt+0x104/0x140
[ 49.169201]  compat_SyS_setsockopt+0x17c/0x410
[ 49.173749]  ? sock_common_setsockopt+0xd0/0xd0
[ 49.178396]  ? scm_detach_fds_compat+0x3c0/0x3c0
[ 49.183119]  ? do_fast_syscall_32+0x156/0xf9d
[ 49.187580]  ? scm_detach_fds_compat+0x3c0/0x3c0
[ 49.192302]  do_fast_syscall_32+0x3ee/0xf9d
[ 49.196595]  ? do_int80_syscall_32+0x9d0/0x9d0
[ 49.201143]  ? kasan_check_read+0x11/0x20
[ 49.205262]  ? syscall_return_slowpath+0x550/0x550
[ 49.210155]  ? SyS_rt_sigaction+0x94/0x1b0
[ 49.214356]  ? sysret32_from_system_call+0x5/0x3b
[ 49.219165]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 49.223973]  entry_SYSENTER_compat+0x51/0x60
[ 49.228345] RIP: 0023:0xf7f1bc79
[ 49.231674] RSP: 002b:00000000ff9893bc EFLAGS: 00000282 ORIG_RAX: 000000000000016e
[ 49.239347] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000084
[ 49.246578] RDX: 0000000000000077 RSI: 000000002018b000 RDI: 0000000000000008
[ 49.253813] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[ 49.261051] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 49.268292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 49.275569] Dumping ftrace buffer:
[ 49.279070]    (ftrace buffer empty)
[ 49.282744] Kernel Offset: disabled
[ 49.286337] Rebooting in 86400 seconds..